To Outsource or Not to Outsource your Cyber Security? That is THE Question.
Today’s cybersecurity landscape is changing at a pace we’ve never seen before, and it is becoming increasingly difficult for companies of all sizes to keep up.
That raises a question my colleagues and I get very frequently: why would we outsource our security?
There are so many reasons why companies should very seriously consider enhancing what they’re doing internally by partnering with external experts, but I will lay out the Top 3 we’re seeing in the marketplace today.
- Time & Cost
- Breadth of Knowledge
- Business Acumen
Time & Cost
Hiring a team, training them, and ultimately paying them is a huge expense in both time and money. Trying to find these industry-certified experts in today’s market is extremely difficult; we should know, as we’re constantly looking to add these experts to our own team. Keeping up with the training they need, and retaining them, will also be a hard task.
Breadth of Knowledge
If you hire just one person, that person’s knowledge is limited. For example, let’s say you hire a network engineer. Does that person know Linux and Windows? Maybe, but they probably know the Cisco commands much better. Security is just as diverse as any other IT job. There are so many aspects of security that the person you hire may not be knowledgeable about. Also, what happens when the person needs to go to training or takes a vacation? Who covers for them? Remember, you need a team of experts on hand 24/7/365 to protect your environment.
These are just a few basic areas that an outsourced security provider should excel at. They should be able to understand what is abnormal in your network and be able to alert you 24 hours a day if something deviates out of a specific range. This provider should also be able to make high-level suggestions on where your risk is and how you can reduce your attack surface.
If you have read any of my blogs in the past, you know I tend to recommend many solutions, for example, security awareness training, SIEM solutions, vulnerability scans, and penetration tests. While I normally don’t try to promote Thrive in my posts, I am going to toot our own horn in this case. Thrive is doing something unique that many other outsourced security firms are not, and that is remediation. If we manage your environment and you purchase security services from us, then we help you remediate the problems. Finding vulnerabilities and notifying you of issues is the easy part. Fixing these vulnerabilities and issues is the hard part, which is why almost nobody else does it. Thrive works with our clients to either fix the issue or accept the risk. While some companies will tell you to fix every vulnerability, that is not a realistic goal. Some vulnerabilities can’t be fixed because the vendor hasn’t released a patch, or because, if you do patch, an application will break. In those cases, you must review the risk of being exploited and make a business decision to either accept that risk or remove the device or application that has the vulnerability.
As always, please feel free to give Thrive a call if you want any more information on what we can offer you.